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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1.704(b). 

Status 

1 )E3 Responsive to communication(s) filed on 05 October 2004 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3)D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4® Claim(s) 1-6. 19-21, 26-32 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1-6. 19-21. 26-32 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

1 2)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies .of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) □ Notice of References Cited (PTO-892) 

2) [H Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) □ Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CI Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20050303 
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DETAILED ACTION 



Information Disclosure Statement 



1. The examiner has reviewed application 10/000154 in view of the applicants 
amendment to consider the references previously not considered from PTO-1449 filed on 
1/12/02. The references claimed to have been submitted could not be found in that 
application, or the current application. The references previously not considered, have 
remained not considered. 

Response to Amendment 

2. Applicant's arguments filed 10/05/2004 have been fully considered but they are not 
persuasive. 

The applicant argues that Colie US 6,473,406, uses a proxy machine that is not associated 
with the server. The examiner disagrees. "Associates" must be interpreted in the 
broadest sense. Colie teaches a proxy server that is connected to and interacts with the 
server in the server-client connection. This proxy server has a security system, and it is 
working for the server, thus there is "a security system associated with the server". 



Rejections of claims 1-6, 19-21, and 26-32 can be found in the previous action, as stated 
below: 
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Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 1-16, 18-20, 22, 23, and 25-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Coile US 6,473,406 in view of Davis US 6,367,009. 



As per claim 1 , Coile discloses sending a message from a client to a server to establish a 

connection, (Col 3 lines 24-30). Coile discloses intercepting the data at a security system (proxy) 

associated with the server to perform authentication functions, (Co! 5 lines 57-60). 

Coile does not disclose that a message is sent to establish a "secure" connection. 

Davis discloses sending a message (certificate message) to establish a secure SSL connection, 

(Col 1 1 lines 30-35). 

It would be obvious to one skilled in the art to add Davis's certificate message and SSL protocol 

to Coile's proxy server. The proxy server of Coile using the certificate/SSL system of Davis would 

improve the security of the communications of the system. 

As per claim 2, Coile does not disclose determining server authentication. 

Davis discloses determining server authentication, (Col 10 line 35). 

As per claim 3, Coile discloses client authentication, (Col 5 lines 63-65). 

As per claim 4, Coile does not disclose digital certificates. 

Davis discloses validating digital certificates, (Col 10 lines 35-40). 

As per claim 5, Coile does not disclose encryption. 

Davis discloses SSL encryption and decryption, (Col 2 lines 10-15). 
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As per claim 6, Coile does not disclose specific authentication techniques. 

Davis discloses a server requesting client authentication, and authenticating the client's 

certificate, (Col 1 1 lines 39-43). 

As per claim 7, Coile does not disclose digital signatures. 

Davis discloses the client including a digital signature which is authenticated, (Col 11, line 41). 
As per claims 8-11, 19, 22 26-32 Coile does not disclose SSL. 

Davis discloses the SSL connection algorithm. Davis discloses a client sending a "client hello" 
message indicating a request to establish a secure connection with the server, (Col 10 line 20, 
Fig 6). Davis discloses the Server sending a "server hello" message, (Col 10 line 21, Fig 6). 
Davis discloses exchanging authentication information, (Col 10 lines 30-35). Davis discloses 
sending a "server hello done" (Col 10 line 33, Fig 6). Davis discloses that in the SSL protocol 
authentication information is exchanged between the client and server, (Col 10 lines 24,25, 41- 
44). Davis discloses the transaction completes in the SSL protocol, which includes a "client hello 
done" message, (Col 10 lines 43-47). 

It would be obvious to one skilled in the art to add the SSL protocol of Davis to the authentication 
proxy server of Coile to improve security and prevent unauthorized access. 
As per claim 12, Coile does not disclose CRL checking. 

Davis discloses the determining if the client is on a CRL (list), (Col 13, lines 35-42). 
As per claim 1 3, Coile does not disclose digital signatures. 

Davis discloses the client providing a digital signature for verification, (Col 1 1 lines 40-44). 

As per claim 14, Coile does not disclose decryption. 

Davis discloses decryption using the SSL protocol, (Col 2 lines 10-14). 

As per claim 15, Coile discloses an application module (proxy server) to receive incoming data 

from a client destined for a given server and route the data to an authentication module 

(authentication program) to validate the identity of the client, (Col 3 lines 24-30, Col 5 lines 59, 60, 

63, 64). Coile discloses the system is wired, (Fig 1). Coile does not disclose a wireless system, 

or encryption. 
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Davis discloses wireless clients (Fig 2). Davis discloses encryption and decryption through the 
SSL protocol, (Col 2 lines 10-14). 

As per claims 16, 18, 20, 23, and 25, the examiner takes official notice, it would be obvious to one 
skilled in the art to obtain the server certificate from a certificate authority at user defined 
intervals. 

Claims 17, and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Maher 
US 6,125,349. 

The Coile-Davis combination does not disclose short and long term certificates. Maher discloses 
use of short and long-term certificates, (Col 5 lines 5-20). 

It would be obvious to add the use of short and long-term certificates of Maher with Coile-Davis's 
authentication system, so that the short-term certificates could be utilized after initial 
authentication, so that the server would not have to check the CRL until after the short-term 
certificate had expired. 

Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over Van Oorschot US 
5,699,431 

As per claim 21, the Coile-Davis combination does not disclose updating the CRL. Van Oorshot 
discloses updating the CRL, (Col 4 lines 39-42). 

It would be obvious to add CRL updating to the Coile-Davis combination to prevent unauthorized 
certificate holders from accessing a protected resource. 

Conclusion 

3, THIS ACTION IS MADE FINAL, Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
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TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher J Brown whose telephone number is 
(571)272-3833. The examiner can normally be reached on 8:30-6:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (571)272-3838. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Christopher J Brown 




3/3/05 




